Security Bulletin 23B3093A

A compromised encrypted zone can trigger a network access

Medium

Security Bulletin 23B3093A
CVE-2023-50441 (ZONECENTRAL)
12/13/2023

SUMMARY

Opening a compromised encrypted zone can trigger a network access, with potential authentication request. It can be used by an attacker to obtain user privileges and potentially user credentials.

CVSS SCORE: BASE 4.8

  • Attack Vector (AV): Adjacent (A)
  • Attack Complexity (AC): High (H)
  • Privileges required (PR): Low (L)
  • User interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)

DETAILS

AFFECTED PRODUCTS AND VERSIONS

  • ZONECENTRAL for Windows version prior to 2023.5, including versions Q.2021.1

SOLUTIONS AND RECOMMENDATIONS

Depending on your solution, upgrade to one of the following versions:

  • ZONECENTRAL for Windows version Q.2021.2 (version validated by ANSSI)
  • ZONECENTRAL for Windows version 2023.5

For more information, contact support[@]primx[.]eu.

ACKNOWLEDGEMENTS

ANSSI